[....] Starting enhanced syslogd: rsyslogd[   13.646264] audit: type=1400 audit(1520298185.305:4): avc:  denied  { syslog } for  pid=3642 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
2018/03/06 01:03:19 fuzzer started
2018/03/06 01:03:19 dialing manager at 10.128.0.26:46823
2018/03/06 01:03:23 kcov=true, comps=false
2018/03/06 01:03:25 executing program 0:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00005d5ff3)={0x2, 0x4e20, @rand_addr=0x5}, 0x10)
sendto$inet(r0, &(0x7f00001b9000), 0x0, 0x20008007, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)

2018/03/06 01:03:25 executing program 7:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000180), &(0x7f0000000000)=0x4)

2018/03/06 01:03:25 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00')
preadv(r0, &(0x7f0000001380)=[{&(0x7f0000001100)=""/92, 0x5c}, {&(0x7f0000001300)=""/41, 0x29}, {&(0x7f0000001340)=""/54, 0x36}], 0x3, 0x0)

2018/03/06 01:03:25 executing program 1:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x15, 0x5, 0x0)
bind$inet(r0, &(0x7f000001bff0)={0x2, 0x4e22, @loopback=0x7f000001}, 0x10)
connect$inet(r0, &(0x7f0000024ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)
recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000037000)=@sco, 0x80, &(0x7f0000000b40)=[{&(0x7f00000008c0)=""/208, 0xd0}], 0x1, &(0x7f0000021f03)=""/253, 0xfd}, 0x0)
sendmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="a0", 0x1}], 0x1, &(0x7f0000000180)=[]}, 0x0)

2018/03/06 01:03:25 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000000c0), &(0x7f0000000180)=0x8)

2018/03/06 01:03:25 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000058000)={0x1, {{0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000000)={0x0, {{0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f000060a000)={0x1, {{0xa, 0x4e20, 0x0, @mcast1={0xff, 0x1, [], 0x1}}}, 0x0, 0x0, []}, 0x90)

2018/03/06 01:03:25 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000040)={'security\x00', 0x2, [{}, {}]}, 0x48)

2018/03/06 01:03:25 executing program 6:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000040)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78)

syzkaller login: [   33.623646] audit: type=1400 audit(1520298205.285:5): avc:  denied  { sys_admin } for  pid=3852 comm="syz-executor0" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   33.658582] IPVS: Creating netns size=2536 id=1
[   33.668346] audit: type=1400 audit(1520298205.335:6): avc:  denied  { net_admin } for  pid=3854 comm="syz-executor7" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   33.720813] IPVS: Creating netns size=2536 id=2
[   33.738704] IPVS: Creating netns size=2536 id=3
[   33.778079] IPVS: Creating netns size=2536 id=4
[   33.814244] IPVS: Creating netns size=2536 id=5
[   33.856040] IPVS: Creating netns size=2536 id=6
[   33.892977] IPVS: Creating netns size=2536 id=7
[   33.942102] IPVS: Creating netns size=2536 id=8
[   34.585919] ip (4269) used greatest stack depth: 23376 bytes left
[   36.198183] audit: type=1400 audit(1520298207.865:7): avc:  denied  { sys_chroot } for  pid=3854 comm="syz-executor7" capability=18  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
2018/03/06 01:03:28 executing program 7:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f00000017c0)={'ip_vti0\x00', {0x2, 0x4e20, @loopback=0x7f000001}})

2018/03/06 01:03:28 executing program 7:
perf_event_open(&(0x7f0000220000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000044ff8)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000bc000)=@abs, 0x8)
setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000000)={0x0, 0x2710}, 0x10)
sendmmsg$unix(r1, &(0x7f00000bd000)=[], 0x80, 0x0)

[   36.446241] audit: type=1400 audit(1520298208.105:8): avc:  denied  { dac_override } for  pid=5140 comm="syz-executor3" capability=1  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
2018/03/06 01:03:28 executing program 7:
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = dup(r0)
bind$inet(r0, &(0x7f000012e000)={0x2, 0x4e23, @broadcast=0xffffffff}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000e9bff0)={0x1, &(0x7f0000f07000)=[{0x6, 0x0, 0x0, 0x101}]}, 0x10)
connect$inet(r0, &(0x7f0000987000)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r0, &(0x7f00002e8f1e)="96427feebcc603c266d2a2c2da2644124066d6c52746a66fd07a4a9370b924b494651c3febca0be535e0f30bbafe65b8b859d6696b208f558b002bbc2366429da28cdb97727474f32fcce772ce439a1b5785bb74b8040705191a3d28e775b402a04cdf7881cf1c80eb042835db0e8c24fd0e3c0f396da612f44d9999de32f883521dfa4593a5772e19b5c0c27ace555870d7fe3a1819c614a8d9447cfa592c236d96bf255bf3966b0c1c34711ce489df2032a31902ae0742b79d7334ef248790fa0e3787e4b945215cddc03c4f384e6815bab43d34b8c04eb06ff00f10743a0e25f6", 0xe2, 0x0, &(0x7f0000848ff0)={0x2, 0x4e20, @dev={0xac, 0x14}}, 0x10)
sendto$inet(r0, &(0x7f0000000080)="000ebcbc", 0x4, 0x1, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000266ffc), 0x4)
sendto$inet(0xffffffffffffffff, &(0x7f00002bff1e), 0x0, 0x0, &(0x7f0000a28000)={0x2, 0x4e20, @local={0xac, 0x14, 0xffffffffffffffff, 0xaa}}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x500800}, 0xc, &(0x7f0000000240)={&(0x7f0000000700)={0x31c, 0x22, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@generic="d63299a632b5fe85507d5d3db009c20237d6afe0870dea640367cad37f2cca9a54892ec993612a8fcecfa2bd64afff9464dc158b57880b0740185057623856db3ddf52e875884c6728b1569b0bb2b4c6bafb4a33e861ca6c5e8f6c8e0881ca11547c7c59149b9a298efda7cceb3246eb54b697311fae06177c0024f279f069b064051484b2cc7746652f2b4aaf628d65c9b16e77951c9173bddc5bd1eea440088f9672b65dde839f102807a412bc4f5293c3cd722bfb293131d2a90e996dbf8305b4d8b88f261addb0cb24d47163122bb41a9cb93690731cba4458bbe3435e704a968b709dbae1", @generic, @nested={0xd8, 0x4a, [@generic="1e0975f0e183bd5a54d88a2cc97ea940d11df9bd7dad63577f7e052fa0acb534aaee09761bc7db087d7265d4c4afaf1a00743a86c9275ee6d16ff99569434226510c7b7f883f1bb561c73f5b705c7e352ce78b13437af2be531a36cd5c7ffebf3c739c2ba74cce42e42a0abfd0806842b3c867f3ffeae0bd4833c6dd17106b9c53c764c1f72d7b3a212bdaaba154c7667d381b2480c4eb6848a0aa93b4d9d5873e168d8c304d5cdf31039cc84ebd518c025176c55ec7b61f8f2e54d51a4b813f449259aa389e4b33013b28d9b641aa21a5"]}, @nested={0x50, 0x6c, [@generic="ab4372c95614c9190269c6b8d0c8a657a6858a1a65870debabdd5c620cc43ed5c9bfb485522c3a0a1d807f", @typed={0xc, 0x5, @pid}, @typed={0x8, 0x1e}, @typed={0xc, 0x7, @u32=0xc3e5}]}, @nested={0xf8, 0x77, [@typed={0xc, 0xc, @ipv4=@multicast1=0xe0000001}, @typed={0x18, 0x96, @ipv6=@remote={0xfe, 0x80, [], 0xbb}}, @typed={0x10, 0x4c, @str='irlan0\x00'}, @generic="f6d913a6eccf3617e073140f8f12550aff4d1713c08c10862c8ac560fc9c33488a276691273c320ddf3face5d792420e76c12b3b026ee9fedcea16c11c5ee2674cb5e1c815a10c596376c6a978ae17073fcc1086b3e41c2aee754e7522fa21d2c4418babd11ad27b12533a78e6a5fc5a87984109332206926be5be2741a4086d7c521bb6443f38facff5b8bd4c2aec5672ef6d91f140071e4e33683334ce9703f9b1636ea0171be588084aa22821532f911dbddf427812d0a43cb14a94"]}]}, 0x31c}, 0x1, 0x0, 0x0, 0x20040001}, 0xc000)
shutdown(r1, 0x1)
recvmmsg(r1, &(0x7f0000000640)=[{{&(0x7f0000000000)=ANY=[], 0x0, &(0x7f0000000540)=[{&(0x7f0000000300)=""/204, 0xcc}, {&(0x7f00000004c0)=""/108, 0x6c}], 0x2, &(0x7f0000000600)=""/10, 0xa}}], 0x1, 0x100, &(0x7f00000006c0))

2018/03/06 01:03:28 executing program 3:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
mount(&(0x7f00000029c0)='./file0\x00', &(0x7f0000002ac0)='./file0\x00', &(0x7f0000002a00)='Kfs\x00', 0x0, &(0x7f00000026c0))

2018/03/06 01:03:28 executing program 0:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x2000001, 0x0)
write$sndseq(r0, &(0x7f0000001280)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0x1}}], 0x30)

2018/03/06 01:03:28 executing program 3:
mount(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100)='/', &(0x7f0000000140)='cgroup\x00', 0x0, &(0x7f0000000180)='{')

2018/03/06 01:03:28 executing program 2:
r0 = socket$inet(0x2, 0x2, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000140)=0x44)

2018/03/06 01:03:28 executing program 7:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000050bff6)='/dev/ptmx\x00', 0x0, 0x0)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000b04000))
ioctl$TIOCSCTTY(r0, 0x540e, 0x0)
ioctl$TIOCMBIS(0xffffffffffffffff, 0x5416, &(0x7f0000000180))

2018/03/06 01:03:28 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000000)=[@register_looper={0x630b}], 0x48, 0x0, &(0x7f0000000040)="200a4f7d2cd3cf681df3e40f9a52c906790667ea55684d1647b5e62cd403c20cdc7d576f7ea8e978c8aec8834536b5140fed9f16c9c0763033919c342ff0084dd944f0455006071b"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f000026c000)=[], &(0x7f000000afd0)=[]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000580)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[], &(0x7f0000000080)=[]}}], 0x0, 0x0, &(0x7f0000000500)})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000015c0)={0x0, 0x0, &(0x7f00000002c0)=[], 0x1, 0x0, &(0x7f0000000500)='j'})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[], 0x4c, 0x0, &(0x7f0000000400)="33ec06451893c8ed9866ad6bd15b0d3d5c95f3d43a33a35c427aa7dddfb2246f59cc0578868c646549d6bc4e7b5941f777be027db99e2221ad00ea2da4f4276cf293df269c7325dd0659b79d"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x10, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1163484000000000", @ANYPTR=&(0x7f00000001c0)=ANY=[]], 0x0, 0x0, &(0x7f00000002c0)})

2018/03/06 01:03:28 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000942000)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
connect$inet(r0, &(0x7f0000606ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)

2018/03/06 01:03:28 executing program 1:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f000033efc8)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a0000020000000000000000000000fa887e9f79fcc22d732995de4cd77ae3ecb374fa5ba90d33b4e13b1cda04e63a199a5c485dbcee409e66ae7a32985817506c3a64e83d6e7fa33530270bf51041095e01f44aae"], 0x56}, 0x1}, 0x0)

2018/03/06 01:03:28 executing program 6:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00004c0000)={0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff], @empty}}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)='\x00', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [], 0xaa}, 0x4}, 0x1c)
listen(r0, 0x43)
r1 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000edc000)=0x3, 0x4)
sendto$inet6(r1, &(0x7f000087dffe)='F', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x0, 0x1}}, 0x1c)
sendmsg$netlink(r1, &(0x7f00009f3fc8)={0x0, 0x0, &(0x7f000070f000)=[{&(0x7f0000a77000)={0x2300, 0x0, 0x0, 0x0, 0x0, "", []}, 0x2300}], 0x1, &(0x7f0000414000)=[]}, 0x0)
accept4(r0, 0x0, &(0x7f0000da8ffc), 0x0)

2018/03/06 01:03:28 executing program 7:
request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f00000003c0)={0x73, 0x79, 0x7a}, &(0x7f0000000400)='filter\x00', 0xffffffffffffffff)

2018/03/06 01:03:28 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r1 = syz_open_pts(r0, 0x0)
read(r0, &(0x7f0000000180)=""/217, 0xd9)
ioctl$TCXONC(r1, 0x540a, 0x0)

2018/03/06 01:03:28 executing program 3:
request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f0000000180)={0x73, 0x79, 0x7a}, &(0x7f00000001c0)='wlan0\x00', 0xffffffffffffffff)

2018/03/06 01:03:28 executing program 0:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x2000001, 0x0)
write$sndseq(r0, &(0x7f0000001280)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0x1}}], 0x30)

2018/03/06 01:03:28 executing program 7:
r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0)
read(r0, &(0x7f0000000000)=""/28, 0xe)

[   36.761222] audit: type=1400 audit(1520298208.425:9): avc:  denied  { set_context_mgr } for  pid=5255 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
2018/03/06 01:03:28 executing program 2:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000001c0))

2018/03/06 01:03:28 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r1 = syz_open_pts(r0, 0x0)
read(r0, &(0x7f0000000180)=""/217, 0xd9)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000de2ffc))
ioctl$TCXONC(r1, 0x540a, 0x0)

2018/03/06 01:03:28 executing program 6:

2018/03/06 01:03:28 executing program 7:

2018/03/06 01:03:28 executing program 3:

2018/03/06 01:03:28 executing program 7:

2018/03/06 01:03:28 executing program 6:

[   36.795686] binder: 5255:5278 ERROR: BC_REGISTER_LOOPER called without request
[   36.817901] audit: type=1400 audit(1520298208.485:10): avc:  denied  { call } for  pid=5255 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
[   36.909177] binder: 5255:5297 got new transaction with bad transaction stack, transaction 3 has target 5255:0
[   36.919508] binder: 5255:5297 transaction failed 29201/-71, size 0-0 line 3031
[   36.939019] binder: BINDER_SET_CONTEXT_MGR already set
[   36.944369] binder: 5255:5308 ioctl 40046207 0 returned -16
[   36.951714] binder: 5255:5297 ERROR: BC_REGISTER_LOOPER called without request
[   36.959176] binder_alloc: 5255: binder_alloc_buf, no vma
[   36.964638] binder: 5255:5308 transaction failed 29189/-3, size 0-0 line 3127
[   36.973170] binder: undelivered TRANSACTION_ERROR: 29189
[   36.973187] binder_alloc: 5255: binder_alloc_buf, no vma
[   36.973202] binder: 5255:5297 transaction failed 29189/-3, size 0-0 line 3127
[   36.993820] binder_alloc: 5255: binder_alloc_buf, no vma
[   36.999308] binder: 5255:5308 transaction failed 29189/-3, size 0-0 line 3127
2018/03/06 01:03:28 executing program 2:

2018/03/06 01:03:28 executing program 3:

2018/03/06 01:03:28 executing program 7:

2018/03/06 01:03:28 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r1 = syz_open_pts(r0, 0x0)
read(r0, &(0x7f0000000180)=""/217, 0xd9)
ioctl$TCXONC(r1, 0x540a, 0x0)

2018/03/06 01:03:28 executing program 1:

2018/03/06 01:03:28 executing program 0:

2018/03/06 01:03:28 executing program 6:

2018/03/06 01:03:28 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000f5b000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000000)=[@register_looper={0x630b}], 0x48, 0x0, &(0x7f0000000040)="200a4f7d2cd3cf681df3e40f9a52c906790667ea55684d1647b5e62cd403c20cdc7d576f7ea8e978c8aec8834536b5140fed9f16c9c0763033919c342ff0084dd944f0455006071b"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f000026c000)=[], &(0x7f000000afd0)=[]}}], 0x0, 0x0, &(0x7f0000009000)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000580)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[], &(0x7f0000000080)=[]}}], 0x0, 0x0, &(0x7f0000000500)})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000015c0)={0x0, 0x0, &(0x7f00000002c0)=[], 0x1, 0x0, &(0x7f0000000500)='j'})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[], 0x4c, 0x0, &(0x7f0000000400)="33ec06451893c8ed9866ad6bd15b0d3d5c95f3d43a33a35c427aa7dddfb2246f59cc0578868c646549d6bc4e7b5941f777be027db99e2221ad00ea2da4f4276cf293df269c7325dd0659b79d"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x10, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1163484000000000", @ANYPTR=&(0x7f00000001c0)=ANY=[]], 0x0, 0x0, &(0x7f00000002c0)})

2018/03/06 01:03:28 executing program 0:

2018/03/06 01:03:28 executing program 6:

2018/03/06 01:03:28 executing program 3:

2018/03/06 01:03:28 executing program 1:

[   37.019217] binder: undelivered TRANSACTION_ERROR: 29189
[   37.024892] binder: release 5255:5278 transaction 1 out, still active
[   37.048310] binder: undelivered TRANSACTION_COMPLETE
[   37.059399] binder: release 5255:5297 transaction 3 out, still active
[   37.066015] binder: undelivered TRANSACTION_COMPLETE
[   37.067774] binder: 5318:5322 ERROR: BC_REGISTER_LOOPER called without request
[   37.078548] binder: undelivered TRANSACTION_ERROR: 29201
[   37.084025] binder: send failed reply for transaction 3, target dead
[   37.090816] binder: send failed reply for transaction 1, target dead
[   37.091161] binder: release 5318:5322 transaction 10 out, still active
[   37.091166] binder: release 5318:5322 transaction 9 in, still active
[   37.091169] binder: undelivered TRANSACTION_COMPLETE
2018/03/06 01:03:28 executing program 2:

2018/03/06 01:03:28 executing program 0:

2018/03/06 01:03:28 executing program 7:

2018/03/06 01:03:28 executing program 4:

2018/03/06 01:03:28 executing program 3:

2018/03/06 01:03:28 executing program 1:

2018/03/06 01:03:28 executing program 5:

2018/03/06 01:03:28 executing program 6:

2018/03/06 01:03:28 executing program 7:

2018/03/06 01:03:28 executing program 6:

2018/03/06 01:03:28 executing program 0:

2018/03/06 01:03:28 executing program 3:

2018/03/06 01:03:28 executing program 1:

2018/03/06 01:03:28 executing program 2:

2018/03/06 01:03:28 executing program 7:

2018/03/06 01:03:28 executing program 5:

2018/03/06 01:03:28 executing program 6:

2018/03/06 01:03:28 executing program 0:

2018/03/06 01:03:28 executing program 4:

2018/03/06 01:03:28 executing program 7:

[   37.126180] binder: release 5318:5324 transaction 11 in, still active
[   37.136353] binder: send failed reply for transaction 11 to 5318:5324
[   37.159328] ==================================================================
[   37.166737] BUG: KASAN: use-after-free in __list_del_entry+0x196/0x1d0
2018/03/06 01:03:28 executing program 0:

2018/03/06 01:03:28 executing program 6:

2018/03/06 01:03:28 executing program 7:

2018/03/06 01:03:28 executing program 0:
r0 = add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={0x73, 0x79, 0x7a}, &(0x7f00000002c0)='(', 0x1, 0xfffffffffffffffd)
keyctl$search(0xa, r0, &(0x7f0000000300)='dns_resolver\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a}, 0x0)

2018/03/06 01:03:28 executing program 6:

2018/03/06 01:03:28 executing program 7:

2018/03/06 01:03:28 executing program 4:
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000440)='/selinux/checkreqprot\x00', 0x42001, 0x0)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="ada900b16495b10f087139e31f46a603cd6cea2381d306d38149e62ea8ae119eb410783d69627d6cbbc47218ea7ceb3d7cc085c6485edd623610ce6df3005cbb7f69fa5c4855b77803afaf622be437ee89717551d6fa6cb06e89feadd0672cf7dc0cb93ee677450a5b39df310e187a152649af26f14f88651fe212be4388545d6d79408d6f2faa74b8918f7a630da120757235ac2ebe", 0x96}], 0x1)

2018/03/06 01:03:28 executing program 2:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x802, 0x0)
write(r0, &(0x7f0000000000)="220000001800070700be0020090007000a00f688fccb008d2cd3c7f713b90900f8ff", 0x22)

2018/03/06 01:03:28 executing program 5:
mount(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100)='/', &(0x7f0000000140)='\x00\x00\x00\x00\x00\x00\x00', 0x0, &(0x7f0000000180))

2018/03/06 01:03:28 executing program 3:
perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet(0x2, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0))
clock_adjtime(0x0, &(0x7f0000000200)={0x400, 0x0, 0x0, 0x3ff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0xddb7, 0xfffffffffffffeff, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1ff, 0xcdb, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x6})

2018/03/06 01:03:28 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={&(0x7f0000f8d000)={0x10}, 0xc, &(0x7f00008a7000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c00000001040101ffffffffffffffff00000002090000000000000000000000000000"], 0x23}, 0x1}, 0x0)

[   37.173392] Read of size 8 at addr ffff8801d03b4d10 by task kworker/0:2/1802
[   37.180564] 
[   37.182183] CPU: 0 PID: 1802 Comm: kworker/0:2 Not tainted 4.9.86-gb324a70 #58
[   37.189525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.198872] Workqueue: events binder_deferred_func
[   37.203921]  ffff8801cefafa50 ffffffff81d956f9 ffffea000740ed00 ffff8801d03b4d10
[   37.211951]  0000000000000000 ffff8801d03b4d10 ffffed00367c9999 ffff8801cefafa88
2018/03/06 01:03:28 executing program 1:
execveat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000005000)=[], &(0x7f000000f000)=[&(0x7f0000001fff)='\x00', &(0x7f0000006fec)='cpusetbdevselinux:\\\x00'], 0x0)
r0 = memfd_create(&(0x7f0000000ffe)='\'\x00', 0x2)
fcntl$lock(r0, 0x24, &(0x7f000000eff0))
syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x1f, 0x80)

2018/03/06 01:03:28 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e20, @multicast2=0xe0000002}}}, 0xa0)
setsockopt$inet_buf(r0, 0x0, 0x2b, &(0x7f0000000080)="0500000002", 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'gretap0\x00', <r1=>0x0})
setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000200)={r1, @dev={0xac, 0x14, 0x14, 0x15}, @dev={0xac, 0x14, 0x14, 0x16}}, 0xc)

[   37.219965]  ffffffff8153e083 ffff8801d03b4d10 0000000000000008 0000000000000000
[   37.227996] Call Trace:
[   37.228005] netlink: 6 bytes leftover after parsing attributes in process `syz-executor2'.
[   37.228256] audit: type=1400 audit(1520298208.825:11): avc:  denied  { create } for  pid=5354 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   37.232856] audit: type=1400 audit(1520298208.825:12): avc:  denied  { write } for  pid=5354 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   37.236372] netlink: 6 bytes leftover after parsing attributes in process `syz-executor2'.
[   37.283540] syz-executor1 uses obsolete (PF_INET,SOCK_PACKET)
[   37.285536] audit: type=1400 audit(1520298208.825:13): avc:  denied  { net_raw } for  pid=5371 comm="syz-executor1" capability=13  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   37.325746]  [<ffffffff81d956f9>] dump_stack+0xc1/0x128
[   37.331104]  [<ffffffff8153e083>] print_address_description+0x73/0x280
[   37.337763]  [<ffffffff8153e5a5>] kasan_report+0x275/0x360
[   37.343384]  [<ffffffff81dfd0b6>] ? __list_del_entry+0x196/0x1d0
[   37.349537]  [<ffffffff8153e704>] __asan_report_load8_noabort+0x14/0x20
[   37.356282]  [<ffffffff81dfd0b6>] __list_del_entry+0x196/0x1d0
[   37.362247]  [<ffffffff82d64cbc>] binder_release_work+0x8c/0x260
[   37.368389]  [<ffffffff82d648da>] ? binder_send_failed_reply+0x18a/0x3a0
2018/03/06 01:03:28 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000f02000)="4402", 0x2)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000340)=@filter={'filter\x00', 0xe, 0x2, 0x2ac, [0x0, 0x20000080, 0x2000029c, 0x200002cc], 0x0, &(0x7f0000000040), &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0x19, 0x0, 0x88f7, 'irlan0\x00', 'lo\x00', 'syzkaller1\x00', 'lo\x00', @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [0xff, 0xff, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, [0x0, 0x0, 0xff], 0x70, 0xb4, 0xdc, []}, [@common=@ERROR={'ERROR\x00', 0x20, {"c6c5edd94600d7b98c5f9ba9b5b1d55ca1c604ebe1153a0be7c621cdd1eb"}}]}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x4, {{0x80000000}}}}, {{{0x3, 0x28, 0x22f0, 'ip_vti0\x00', 'dummy0\x00', 'bcsf0\x00', 'eql\x00', @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xf}, [0x0, 0xff, 0xff, 0x0, 0xff], @empty, [0x0, 0x0, 0xff, 0x0, 0xff], 0x70, 0xc8, 0x110, []}, [@common=@dnat={'dnat\x00', 0xc, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x54bc6292f44382db}, 0xfffffffffffffffe}}}, @common=@redirect={'redirect\x00', 0x4, {{0xfffffffffffffffd}}}]}, @common=@IDLETIMER={'IDLETIMER\x00', 0x24, {{0x0, 'syz0\x00', 0x5}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x0, []}, {0x0, '\x00', 0x2, 0xfffffffffffffffc, 0x0, []}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x0, []}]}, 0x2fc)
ioctl$sock_SIOCGIFINDEX(r1, 0x89f2, &(0x7f0000000540)={'sit0\x00'})
r2 = dup(r0)
ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f0000000000)={0x3, 0xc24b})

2018/03/06 01:03:28 executing program 1:
r0 = socket$inet(0x2, 0xa, 0x0)
sendto$inet(r0, &(0x7f0000e78a42), 0xffae, 0x8084, &(0x7f00004d4000)={0x2, 0x4e20, @empty}, 0x10)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000f7a000)={0x77359400}, &(0x7f0000f7d000)={0x903}, 0x30d)
getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000040))
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000100)={<r1=>0x0, 0x6427, 0x3, [0x9, 0x1, 0x401]}, &(0x7f0000000140)=0xe)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000180)={r1, 0x2}, 0x8)

2018/03/06 01:03:28 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$packet(0x11, 0x800000000002, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xd43f58e118afee75}, 0x4)
r2 = request_key(&(0x7f0000000100)='trusted\x00', &(0x7f0000000140)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000180)='keyring\x00', 0xfffffffffffffffa)
r3 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, r2)
keyctl$setperm(0x5, r3, 0x2000000)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10)
sendto$inet(r4, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)
sendto$inet(r0, &(0x7f0000762fff), 0xfdc7, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000001}, 0x10)

2018/03/06 01:03:28 executing program 3:
r0 = socket$packet(0x11, 0x80000000000002, 0x300)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x320, 0x4)
sendto$inet6(r0, &(0x7f0000003fd9), 0x0, 0x0, &(0x7f0000008000)={0xa, 0x4e20, 0x100000002, @mcast2={0xff, 0x2, [], 0x1}}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000080)=0x100, 0x4)
ioctl$ASHMEM_GET_SIZE(r1, 0x7704, 0x0)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)=[], 0x0, &(0x7f0000000500)=""/115, 0x73}, 0x2000)

2018/03/06 01:03:29 executing program 5:
unshare(0x400)
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x282041, 0x0)
r1 = signalfd4(r0, &(0x7f0000a9bff8)={0x8000000000000}, 0x8, 0x0)
flock(r1, 0x2)

2018/03/06 01:03:29 executing program 5:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff)
getitimer(0x2, &(0x7f0000df8000))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000a01fd0)={0x14, 0x0, &(0x7f0000f0d000)=[@enter_looper={0x630c}, @clear_death={0x400c630f, 0x0, 0x1}], 0xf2, 0x0, &(0x7f0000c9bf0e)="73a94b5f763c0237112ad7e226d44655b2e595e3335c9530d3901019c6714bf91f0f85c6863f28449b180959b003039cdb3e9b60e174ed40ba20cf538dccb7d5bac33f6253e2544c43eb49b1246d65978410e43d4a5c00b4fb6f3e053565c4af0b33c69590a3f5b3853cd3392cd93ee020024730b7b82c0f63030f5dc438dfdc78c2c010ec291acaabca1f3770a8dde1b565704e621a3f632aa043920fdcbece4ed0a820551175d47d4b68b7ae41fd1cfe0f656f9d7c1c9b8f87bc5c513abd4f782a12d58bc4d5a2740692efaba6a482d69edbd52f056cf78b5ccac34fcd343496a7d541c8e7efdfb37d17dc465897baec21"})
fallocate(r0, 0x2, 0x808, 0x9)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f00005d5ff3)={0x2, 0x4e20, @rand_addr}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x200000000000a, &(0x7f0000df8ffc)=0x4, 0x4)
sendto$inet(r1, &(0x7f0000de1fff)='U', 0x1, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0x7f000001}, 0x10)
acct(0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000700)={<r2=>0x0}, &(0x7f0000000740)=0xc)
fstat(r1, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
lstat(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
r5 = getpid()
lstat(&(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
fstat(r0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
r8 = gettid()
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000a00)={{{@in6=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@empty}, 0x0, @in6=@dev}}, &(0x7f0000000b00)=0xe8)
stat(&(0x7f0000000b40)='./file0\x00', &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
sendmsg$unix(r0, &(0x7f0000000cc0)={&(0x7f0000000480)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000500)="d5578697ccf0c41f68cfbcddd8e00334a22a153d9474c41e366feb1cefc7cc6b1a6297fd57a0c85ab67419a8414bbceb967455c7cd1c868bf39143c2b0d76a60ae1733fe23133d1a7231beecf043df508cb73e8c69a13f0486e0b1d70b59a9", 0x5f}, {&(0x7f0000000580)="1772844178c7330cf75644e952bf71305e13a736e9f796d96e6af32631480c96b9d17acbe1648e91217b5a9e918f41505c75666e5c55d2b443166dd905b7b6e04d30500be0a48bbb06ad9efa624a173991b38c9d", 0x54}, {&(0x7f0000000600)="cfe326c16aed86472949ef84da71fde5688f68fa71a8af19eeb4a345e2b5a4254d51cdd46c603e317eeacca12749c4906c8e9d2b05b54d8850101ce7e5b6783feec3d6ae80cb5964eacd045ca4d3164f98b6483aa5a53b65ad64a9b9fb87487bca1ffca00d0c6c62aada50a731d6a946d9a59eede559f7ccb398dd7b33761e5724577a2a41a98ec4cb85635d5d5ac3c5382451fad7c694419a879ed55b6b4cc37284b7aee8d99d21bd2da44872e296a184b198fb237f34d3417bacca6d66", 0xbe}], 0x3, &(0x7f0000000c00)=ANY=[@ANYBLOB="180000000100000002000000", @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="100000000100000001000000", @ANYRES32=r0, @ANYBLOB="180000000100000002000000", @ANYRES32=r5, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="008000000000000000000000", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32=r10, @ANYBLOB="1c0000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="140000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="180000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0], 0xa0, 0x4000000}, 0x10)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@mcast2, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}}, {{@in6=@loopback}, 0x0, @in=@remote}}, &(0x7f0000000300)=0xe8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'vlan0\x00', r11})
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000180)={<r12=>0x0, 0x80000001}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000380)={r12, 0x9c, "683c5034b8db273e86b72b89858b563eb60e251092470bf62eb1cd023853f53fd70d6a1dc299e3acb6f5af224c84176b1c43b39f215bcafc7310947bacd0493b3f901d9a6b978a981d8a682d7f5d7835f57a610f664187d72deb8794d4b149f075693f3d0a67a0f30992fa8357b16f6a6641c080cb2cfe8c307141a372b863f0f2397b0f8cb4e598620ced691753e87b94b28e082eb03826e8db56f2"}, &(0x7f0000000440)=0xa4)
recvfrom$inet(r1, &(0x7f0000df7000)=""/157, 0x9d, 0x10002, &(0x7f0000df7ff0)={0x2, 0x4e22, @multicast2=0xe0000002}, 0x10)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000000)={<r13=>0x0, 0x58, "04c9d59941cac0d6598fbacfe9a5fe581ed66acf5684244366ce32d1b6a757f74c18f2b88dd472a7b7a9a756bdb1a990f0c03e12bf7b7c1147c45c923c5eafd6f565e7f367c8f9ce624cf7c55ec74a6d7374b6e4a24b517a"}, &(0x7f0000000080)=0x60)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={r13, 0x8001}, 0x8)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000defffc)=0xb, 0x4)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000450000)={&(0x7f00005d8000)=[0x0, 0x0], 0x2})
sendto$inet(r1, &(0x7f0000b0c000)="11a58fde7649496403db92ed306004b3d3cbfc195485c3b895d864ab91a3aebde4f70a917a91ec9612d004000a7b43a35bb73249ede41bf5c05ab608fb7b74ffd57f6e8e43cf9cb723fc0d8d8cabbbbae3a5fde8ad6f52d667c512596f50b9962aa2193688d872a7eeca57801742d74d39c4b003a5e292e077ed102e7999329aab95a3d96363505f76c86a6d2352dd8025207ae531701f1ce353d6b017eb64000000bc2e9f8b66fe4a8e64f0fc7a0aa55d4103e1d7d5b0dd5750071e9b3a786021678a86fcbb0b9f9364ec0f0310306fef9c21b3b20d8b44423b495299cea2c6f40c377a72534453ad7f5af27b1efb2514ace1f9a68cf205a9ddb8fd954e34bde3612e6e05686cf3b968a14bd3a356f7b8d20214c0f7a388ef5ea8d063c65f2aabff685e69f86b4a0b3697f8bfbfe66796f0489ad2e49bdbc1742941c28c88cb93e1f8ccc3db4782cdf9cbd797ddc8d7b1364da50ad48e081a38622280169eba5c6a3bf9b5f15bdf8a8b6483340a3297c31154905db209195c28f15d10153204fbe0586516c714ddc939e0eb68c73969e81fc6f215b476ddf3fcf1a604603360089dadba2779cfed9027ac163067fc0d7592ac8a013b907372a42b242405241ac1f63f85a52fff2d78b30e87a156b5cfa133dabc259bb027bec5eb8c8eb623e9776a13d3ce972a6769de8a78153f498084a244b0146b77be3d1cba7b02fe8906ed8a88f105c763d1772825b986d52823bf38b6f95eca494fd9c64497874b9f450bec65311493cc108b27611eaa6819305a3730d29368f25f7e816d60884a1e0271c3c786ad36391366ac3b65f04c148974f6973005c5ff73d6f0b3f7e44c65da7c4115c4ee543991e4ad26938384cafffffffc8f7e79aaf1b8ef37f627e3c7168ecda2cf224a491bea6129fcd954b88dbb2d29464931bcd5378041db67ddc70ee856ae09c1b26b9ada008a7d52bf1a160606865a29794f36b2a3811c66e9fe27af8fc8356374e37f3eca244367fb535dde71fae4683710761b89f18820d4f06065450c3d1f76fa26ef28320edf6c36480af14f4444edb40ebb3f8ea264486ec31c40c7f0007a69c24da10db6f60da3e648f16b5fc6b5a5c6217e46c1f3ff354a8b49beb3b46a69dcb4c5d547a7b7ba8fe22da0173f9fe80f4bd47afbec4d2e0d3c91b1a326d8bb9fded873e87f847032af52bd6d129f3ce3f11ea9d0b4250af7eaa2649d9972b9b8dc773c869b3a431eac7f55d6bb92dc29f08d7d8959e2af7571efb7ec88eac4b62850e8f6b60d4a5d06d66875b4bd260a9014a2eb88621f4c6eb3f9ed2190b48acf0358d8b82fb4794535fcb8dd50ba86d23d230a94f07a768142ff3b4c8558dac21726b6279980c238041f26e86c8e3fa83028345999464e3e37d610ab7c15daaffb744a505a3dd9802b3721f29553ee23e1cf376f12cc3fe6b7ac76bd13da44356855be096155e355c9cad31fcdeedc6679c531bc1a2765dc8777108ec5e31d793005e718a9ced77d6505e44f649128a29f5264fecba132f9f5016eaf690751edd64d903b36ceb2b08042c60e9e97f8bc985476e6088a5ebd3743c2358171b30b16d730a5dd49c92fa19cc267e2c1927f200fc3d23a804f0a12b06a6a88a2685051ab28f1721209ada2c14b557a49423795b07040d510bb21ce5d15acedd18cb7cb7a93389ceb934206e4ffb220048a7a82fb3c251d0a31ba5af9eb0c16e29f33f9d0a78f5e6300cf04d17eb5f67711cafa0d4e99eeaf0f8fdbd34170318879a0d12c01891127ba7b677d204268524c5af1d7dc27176826302e34f9d35d2f2eefad5f22f68929d3456c11d5f00d4a8ce8b784bca8088805731eff2d47024c2da68abc2d2c0f7806d7d76cdf489f3bffa75cb826bc0809331d89a3255a498b8150d4ae31d03414ab244939455b6377c2917cb2d8a9f9ebf282657e417860e49ac94f4a838aefd34f28960a78da47933252d8cb2fdb27d413ee54502cd1bf75585468b77b8dca627cab29ef0a5297ee3dcb4c987520804e9a5f45e8241019281bab7e30f4b008bf0edf3b6fb5e8d1c2ab619b2eb84293d636a6a37d716cd8e102b7099676693cb7b01031b57ee93fd22cb18229893fd4d4ef87f1596879ac9f61b2f0c35be34cb6e6f75087ff963c188d43bcb464a95e956e75559eb1f6f2224fb2ca8f0bdc90ae5c2ce712498ee4026b13b8f3137000aa1545a75e5b48e80da30e6dac5529cac1099244e79ad542f45dcfbf16c62b5eb63daee8185c5e79ebfa1ca60880f9e2895f54ab95bbae38ae62200c1e439d73fa63d0bff75935a8ad2ae73b82132e8d4eb4bd55844b2f55c65d5ffa0c65aaf0cc5bc73925d05cf7c1c4383af074feb3a53919d2a3b5bef96115aab966821dbfc4577d19d85911a485c58a5b87cf44d230cfdc255486bb09d5c16f2164397f0fc5f652a171f0269bdcd98291410c010cc377d2690a6032fe5701117adbd0f6b847c9617a9b3d20529024d8d9749b9c49827694d346d3b1bbe434122331986b9f6e84430dfd75d123f3e307d6f5514f3da09b527408bfb6816da54beeefad160e4b095517f3292c2e17fb3bba47527671d0afe7c35d54d25ab307b15d069a05395a9cddd4b519224fe3c689d14827ede6d91ebace2a80afaad3dcd1f8ce20e92012b8934d7ff3ebdd285cc24202a86d70b96674a6af05a3c29065afa4e38b9c34006cb3eb9c87985cfc511a8c261cdeb0c7a3c7a682c40c5b9f1d7d5ef6f97e32d02fdd3f2ded413f4a36c4db899b96c8e40d91c2743cd1d435013e3c3431c82fc5b3345b66cce79fa49f10baa4ef28535eee8c5c1a4b38bace2fb14ec11d34d620b1cc2396dc1fa857ac6ac9f5689b5935f2f25184edd40f8f5c70714f941beae3e1bc9af757edd9d68fb24218e2a02aad4dc0b3c2e5ff94ce547f358f38e52673473fd0e57497978324aee16559e9cdbe5b3a0b96dd69fe5bc97e644487274b6158a0412bd60172bb66f774b8eae7bc1f52ed64d44c553bdc26823e35f18683554e7359802173d1fa86a66104abb1977c3e9fa6970ed7ee483b14b65673a81786fe0ed301f8edb0669fd25bfa0d565e3e93b19b8572c98dbacb103053527a95ee758be002e13df756bbc486def0db079124db72fadc26f0a26b42e21f260f902bb4cd881baae57eff1c3cc15063be17e48208b9a69622adfc03991d204fe0f5ae2528b22c7743f97e0669a1c3c0d0d90f39846fd954d681be0265d14b12285fb1b20bcbaa95915ad51ab8f84094674cbac0071021b261c39a46b0177b98f1662100ef31a3e981236d51e6c1429144a89d46b149301873ef99959f8ab15c12309620d5d548b62ff92233a3f200e0d0a9c2122be615dd91e6a6cd89290d24895540635fead9a56f481ee3fd7890852e271fa7c37b1836a3e1764574960e1ab9fda1d25693cfc33defea84f65c08cce479c66dc16b28d453a1b717fdd9f6ff46b1fa1b6866b4a8c1ad53439c5958403953b3a844b660b28b11d427b392a7c710edbf25725a65e6b94e4c64ae458a8c97c9f7a05a7d8ebf6c76e3afc0204ced97be84986da5403ef31eff1790c039fe00a89976ccab7638d2e217fc64609a41f3a008ed78b25d1a9420b782deef6ce2db0c6d427580087b69c75c1357ed2908c32cffee1c6ddd08510562ab015507a4eb4f54ae5c097cdca34f521f9fa8df7667645a696a472650c1ca9c035e95f34db54722897159c31dc6be5693a5f3871ccbb48a7ead233d03b76875590fa20bae4f37a2011622d0203a3e9d9e198cb075aba26f5e78a8f0b0cd27052527daf0f8e77858dbddec7038c198b868e93ae32f1745d166afed4129460e07af8cb6c3debb6503e87f3cb309e39ed3d682d24adec48ea22702c4d8d48386977a89b73e585f8c2c5fcb0a693cd5028a601b04b833a41ec705735c767c70d316b60aba2da24bd6523533f3180accade90f47e412b393ee1d2456cf8bb430289ddb824350764985c5e35f738f830a378bfa65fd167c7307c13acb912beefa69e499d4a750e820a7af08a7c204ffb64e09fcc921a4e79999757d608880bfd52255bbc16369af4f779edfd9439cfcd17fcc02d5aaa81bac66fa2e551cef55779bd90e8be587ee698575918fced59ec652af26718b3afd1471379132ba0b5143a78f84605b1ef51e49e820a8a8c1639f66bca5afd83602287e982eb125a3a032e4cc5b5be91ab4d8d958fd4dc4cbd310eddc91d89ada4d33fcc963d259e222520281d14e13577906e33665a31afa7cb501cc0c1198d1f755005e82f29bcda62bbf8680bc23d09cac6a8c89709b30c91d27ea148f01ba745346f1ba9ce89cd9b71ff18668a0254c07479762dbb78117c50450506e2a0a606309aa383ec55a49d2569c3a3fef8aad456aa81cb859519765de18a4b92194e8a6a43f1dade801f71eb56699bc021fa48f320f4128d6c153a2ec1fba1c5ca55c5058641692365d311c8902aaf1428d83281aa970af5d98591cd3af30fbb5ee4a1b697491ff6dd727a329feb17b782f254d691f949baf96afa195c62f2c3fd1855a79b25268cef9822e3c6a1b3aa226ec494b070a8774426a5f8877714fe206e569635805208ac7823c8546ec33e4482a85d6fddf86a37a1c60f0a19b5dfe88031b7541af0e93cac8a3bb1ff3e60190b96faedc3b6f63d38f3ee4286fbaa053e8e27ed13b77b2c576d824d777ca53df76d9572e71f74ff180778bf57458b37fe9dbaa6f9927b48b059e5c7fd908ac826aed8f68764285022f4b5cb6b73ef7222ecb0d701c782ed5c16a7c94235fe7c3e0bef9da7310c5f3cda407c5ae7ecfb6b392ad576610b48af17b3fc8a2fd6cd2eee1153cc48a21ba6768a88367a807be008bea547402da4c92c2006c83d74c9d0ef2ca711c54036c8e76ac26c7d22060c9bfc2e67f1d1c6f6bd2f751879295ee21fcf8588c9504cacb02fa3e3fc6e2bed352447a5c2677caba0538960357d6d1706adef5e7d4f6298ed4ecacb7776de15d9bbd672f9991f4bdc4f07401f67cf3a74c0495ea58d0f76a2e6060cecc1d04b93808dc8d61130305740b408359d5552cc23a7b1eff4285d563b4b6b011a4a11372a2bb01cbda724482f95c4487b02c85cc121012b3213041ff6a689072daa4d86a4c125b110f4e2eeed2dd73db0f94ce995896e0b8a9f8f3e9559024251a5b1726b0b3775bac9fabed968d2d4ea31bbdfb2910331d92cb4ff5cc9037cc08cd35f88c4d7b89e46a8cbd05e3c35732b5046b33060dce5372b171daa526a46c3444b331e71f0455fb8b43dc46e2c9f2c4effccf040e56de00000007b16de337f13e7a610feac2f336e75405a530815366e7edfbb429babfd0e68db56892b94621edd9df6ff454ab1dcdb8d39d282fa7932ec7ba5203df2f4196538a1fa040c8014d20ff57fdb8515325a6997b9b71f2094e053f126402a47e628eeb7d8f665fbabe8f1a409ca9c7c5c25baaa0e9945acf27e96f8241a445f7d3352494ba4210b348fa0ec11ea67dead4fc1e5e4f9202931386468882bee59f8d12174198142ef7764d6b930e937e20d018c0cc5a780490356f5521aac74d2c1736e20ae5e0cd8cf6676ac337e8a8976aac75a698e34e72bac561038f228c13b6e974bc21bb79618111db507f3ba314dd2d05fd050d684cf33d8da5f8e5f723a092098ac5b180a6579d543515c2e1d0eb502193aedab526d354b625990c7d5a9f90d86c4e374054f1d14270b603065293e7fa3840de575413b74bfbc4f8c139947ade9a6f48907053f1ae3a95c2", 0x1001, 0xc004, 0x0, 0x0)
recvmsg(r1, &(0x7f0000df6fc8)={&(0x7f0000df6f80)=@generic, 0x80, &(0x7f0000000100)=[{&(0x7f0000df5f6e)=""/146, 0x92}, {&(0x7f0000df6f74)=""/140, 0x8c}, {&(0x7f0000df5f18)=""/232, 0xe8}, {&(0x7f0000409fa2)=""/94, 0x43}, {&(0x7f00007a7f19)=""/231, 0x3c0}, {&(0x7f0000d76f57)=""/169, 0xa9}, {&(0x7f00009e3000)=""/230, 0x41e}, {&(0x7f0000923000)=""/37, 0x2e}, {&(0x7f0000554fcf)=""/49, 0x31}], 0x9, &(0x7f0000c27ff9)=""/7, 0xffffff89, 0x8000}, 0x40000100)

2018/03/06 01:03:29 executing program 0:
r0 = accept4$unix(0xffffffffffffff9c, &(0x7f0000000000)=@abs, &(0x7f0000000080)=0x6e, 0x80800)
mmap(&(0x7f0000000000/0xd25000)=nil, 0xd25000, 0x0, 0x32, r0, 0x0)
times(&(0x7f0000000240))

2018/03/06 01:03:29 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000016000)={0x10}, 0xc, &(0x7f000000b000)={&(0x7f0000007000)=@ipv6_delroute={0x30, 0x19, 0x60d, 0x0, 0x0, {0xa}, [@RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x1}}]}, 0x30}, 0x1}, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x280000, 0x0)
ioctl$EVIOCGABS3F(r1, 0x8018457f, &(0x7f0000000040)=""/97)

2018/03/06 01:03:29 executing program 7:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='clear_refs\x00')
keyctl$link(0x8, 0x0, 0x0)
sendfile(r0, r0, &(0x7f0000000040), 0x3)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff})
fcntl$getflags(r1, 0x401)

2018/03/06 01:03:29 executing program 6:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000040)=[0x1, 0x4])
mprotect(&(0x7f00004db000/0x2000)=nil, 0x2000, 0x0)

2018/03/06 01:03:29 executing program 0:

[   37.375237]  [<ffffffff82d652b8>] binder_thread_release+0x428/0x600
[   37.381642]  [<ffffffff82d658cf>] binder_deferred_func+0x43f/0xd10
[   37.387954]  [<ffffffff81234d01>] ? __lock_is_held+0xa1/0xf0
[   37.393743]  [<ffffffff811898a0>] process_one_work+0x7e0/0x1610
[   37.399795]  [<ffffffff811897ec>] ? process_one_work+0x72c/0x1610
[   37.406123]  [<ffffffff811890c0>] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   37.412614]  [<ffffffff8118a7b0>] worker_thread+0xe0/0x10d0
[   37.418322]  [<ffffffff838a4583>] ? __schedule+0x683/0x1ba0
2018/03/06 01:03:29 executing program 7:

2018/03/06 01:03:29 executing program 6:

2018/03/06 01:03:29 executing program 5:

2018/03/06 01:03:29 executing program 4:

2018/03/06 01:03:29 executing program 5:

2018/03/06 01:03:29 executing program 0:

[   37.424029]  [<ffffffff8119a7bd>] kthread+0x26d/0x300
[   37.429213]  [<ffffffff8118a6d0>] ? process_one_work+0x1610/0x1610
[   37.435528]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[   37.441145]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[   37.446762]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[   37.452377]  [<ffffffff838b57ac>] ret_from_fork+0x5c/0x70
[   37.457897] 
[   37.459510] Allocated by task 5324:
[   37.463125]  save_stack_trace+0x16/0x20
[   37.467093]  save_stack+0x43/0xd0
[   37.470537]  kasan_kmalloc+0xad/0xe0
[   37.474245]  kmem_cache_alloc_trace+0xfb/0x2a0
[   37.478813]  binder_transaction+0x103c/0x7040
[   37.483294]  binder_thread_write+0x8d4/0x31f0
[   37.487767]  binder_ioctl_write_read.isra.55+0x1ed/0x9a0
[   37.493193]  binder_ioctl+0xaea/0x11b0
[   37.497062]  compat_SyS_ioctl+0x15f/0x2050
[   37.501268]  do_fast_syscall_32+0x2f5/0x870
[   37.505586]  entry_SYSENTER_compat+0x90/0xa2
[   37.509960] 
[   37.511587] Freed by task 1802:
[   37.514837]  save_stack_trace+0x16/0x20
[   37.518780]  save_stack+0x43/0xd0
[   37.522210]  kasan_slab_free+0x72/0xc0
[   37.526066]  kfree+0x103/0x300
[   37.529230]  binder_free_transaction+0x6a/0x90
[   37.533782]  binder_send_failed_reply+0x185/0x3a0
[   37.538610]  binder_thread_release+0x416/0x600
[   37.543161]  binder_deferred_func+0x43f/0xd10
[   37.547626]  process_one_work+0x7e0/0x1610
[   37.551831]  worker_thread+0xe0/0x10d0
[   37.555697]  kthread+0x26d/0x300
[   37.559053]  ret_from_fork+0x5c/0x70
[   37.562743] 
[   37.564353] The buggy address belongs to the object at ffff8801d03b4d00
[   37.564353]  which belongs to the cache kmalloc-192 of size 192
[   37.576987] The buggy address is located 16 bytes inside of
[   37.576987]  192-byte region [ffff8801d03b4d00, ffff8801d03b4dc0)
[   37.588744] The buggy address belongs to the page:
[   37.593646] page:ffffea000740ed00 count:1 mapcount:0 mapping:          (null) index:0x0
[   37.601877] flags: 0x8000000000000080(slab)
[   37.606164] page dumped because: kasan: bad access detected
[   37.611852] 
[   37.613451] Memory state around the buggy address:
[   37.618350]  ffff8801d03b4c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.625684]  ffff8801d03b4c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.633024] >ffff8801d03b4d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.640363]                          ^
[   37.644225]  ffff8801d03b4d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.651563]  ffff8801d03b4e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.658892] ==================================================================
[   37.666224] Disabling lock debugging due to kernel taint
[   37.671815] Kernel panic - not syncing: panic_on_warn set ...
[   37.671815] 
[   37.679165] CPU: 0 PID: 1802 Comm: kworker/0:2 Tainted: G    B           4.9.86-gb324a70 #58
[   37.687719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.697065] Workqueue: events binder_deferred_func
[   37.702083]  ffff8801cefaf9a8 ffffffff81d956f9 ffffffff841979cf ffff8801cefafa80
[   37.710068]  0000000000000000 ffff8801d03b4d10 ffffed00367c9999 ffff8801cefafa70
[   37.718078]  ffffffff8142f531 0000000041b58ab3 ffffffff8418b430 ffffffff8142f375
[   37.726050] Call Trace:
[   37.728613]  [<ffffffff81d956f9>] dump_stack+0xc1/0x128
[   37.734050]  [<ffffffff8142f531>] panic+0x1bc/0x3a8
[   37.739040]  [<ffffffff8142f375>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   37.747245]  [<ffffffff8153dff0>] kasan_end_report+0x50/0x50
[   37.753028]  [<ffffffff8153e497>] kasan_report+0x167/0x360
[   37.758637]  [<ffffffff81dfd0b6>] ? __list_del_entry+0x196/0x1d0
[   37.764758]  [<ffffffff8153e704>] __asan_report_load8_noabort+0x14/0x20
[   37.771493]  [<ffffffff81dfd0b6>] __list_del_entry+0x196/0x1d0
[   37.777450]  [<ffffffff82d64cbc>] binder_release_work+0x8c/0x260
[   37.783570]  [<ffffffff82d648da>] ? binder_send_failed_reply+0x18a/0x3a0
[   37.790388]  [<ffffffff82d652b8>] binder_thread_release+0x428/0x600
[   37.796766]  [<ffffffff82d658cf>] binder_deferred_func+0x43f/0xd10
[   37.803058]  [<ffffffff81234d01>] ? __lock_is_held+0xa1/0xf0
[   37.808837]  [<ffffffff811898a0>] process_one_work+0x7e0/0x1610
[   37.814867]  [<ffffffff811897ec>] ? process_one_work+0x72c/0x1610
[   37.821080]  [<ffffffff811890c0>] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   37.827542]  [<ffffffff8118a7b0>] worker_thread+0xe0/0x10d0
[   37.833225]  [<ffffffff838a4583>] ? __schedule+0x683/0x1ba0
[   37.838905]  [<ffffffff8119a7bd>] kthread+0x26d/0x300
[   37.844064]  [<ffffffff8118a6d0>] ? process_one_work+0x1610/0x1610
[   37.850352]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[   37.855945]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[   37.861543]  [<ffffffff8119a550>] ? kthread_park+0xa0/0xa0
[   37.867138]  [<ffffffff838b57ac>] ret_from_fork+0x5c/0x70
[   37.873063] Dumping ftrace buffer:
[   37.876577]    (ftrace buffer empty)
[   37.880257] Kernel Offset: disabled
[   37.883852] Rebooting in 86400 seconds..